IN THE CLAIMS:
Amended claims follow: 

1. (Currently Amended) A method for managing user attributes in a
distributed computing system, wherein user attributes determine access rights to a
computer application, the method comprising:

modifying an attribute database in order to create modifications, wherein
the attribute database includes a plurality of possible user attributes and a data
structure identifying a plurality of users;

obtaining an identity certificate from a certificate authority;

associating the identity certificate with a user from the plurality of users
within the attribute database, thus creating more of the modifications;

assigning an attribute from the plurality of possible user attributes to the
user; whereby the user is granted access rights based on the attribute and the
identity certificate;

storing the attribute assigned to the user into the attribute database, thus
creating more of the modifications; and

distributing the modifications to the attribute database to a plurality of
hosts coupled together by a network;

wherein the user is granted access rights based on the attribute and the
identity certificate.

2. (Currently Amended) The method of claim 1, further comprising:

assigning a second attribute from the plurality of possible user attributes to
the user, in addition to said attribute; and

storing the second attribute assigned to the user into the attribute database,
thus creating more of the modifications.

3. (Currently Amended) The method of claim 1, further comprising
using secure communications when distributing the modifications to the
attribute database to the plurality of hosts.

4. (Currently Amended) The method of claim 1, further comprising
signing the attribute database with a cryptographic signature prior to the
distributing to allow detection of unauthorized changes to the attribute database.

5. (Currently Amended) The method of claim 1, wherein a host of the
plurality of hosts can distribute the modifications to the attribute database to a
subordinate host in a tree architecture.

6. (Currently Amended) The method of claim 1, further comprising
allowing the user to assume any attribute stored into the attribute database that is
assigned to the user during the assigning.



7. (Currently Amended) The method of claim 1, further comprising:

deleting the attribute assigned to the user from the attribute database, after
the distributing, thus creating more of the modifications; and

redistributing the modifications to the attribute database to the plurality of
hosts.



8. (Original) The method of claim 1, wherein modifying the attribute
database includes creating the attribute database.

9. (Currently Amended) A computer-readable storage medium storing
instructions that when executed by a computer cause the computer to perform a
method for managing user attributes in a distributed computing system, wherein
user attributes determine access rights to a computer application, the method
comprising:

modifying an attribute database in order to create modifications, wherein
the attribute database includes a data structure identifying a plurality of possible
user attributes and a plurality of users;

obtaining an identity certificate from a certificate authority;

associating the identity certificate with a user from the plurality of users
within the attribute database, thus creating more of the modifications;

assigning an attribute from the plurality of possible user attributes to the
user, whereby the user is granted access rights based on the attribute and the
identity certificate;

storing the attribute assigned to the user into the attribute database, thus
creating more of the modifications; and

distributing the modifications to the attribute database to a plurality of
hosts coupled together by a network;

wherein the user is granted access rights based on the attribute and the
identity certificate.

10. (Currently Amended) The computer-readable storage medium of
claim 9, the method further comprising:

assigning a second attribute from the plurality of possible user attributes to
the user, in addition to said attribute; and

storing the second attribute assigned to the user into the attribute database,
thus creating more of the modifications.

11. (Currently Amended) The computer-readable storage medium of
claim 9, the method further comprising using secure communications when
distributing the modifications to the attribute database to the plurality of hosts.

12. (Currently Amended) The computer-readable storage medium of
claim 9, the method further comprising signing the attribute database with a
cryptographic signature prior to the distributing to allow detection of unauthorized
changes to the attribute database.

13. (Currently Amended) The computer-readable storage medium of
claim 9, wherein a host of the plurality of hosts can distribute the modifications to
the attribute database to a subordinate host in a tree architecture.

14. (Currently Amended) The computer-readable storage medium of
claim 9, the method further comprising allowing the user to assume any attribute
stored into the attribute database that is assigned to the user during the assigning.

15. (Currently Amended) The computer-readable storage medium of
claim 9, the method further comprising:

deleting the attribute assigned to the user from the attribute database, after
the distributing, thus creating more of the modifications; and

redistributing the modifications to the attribute database to the plurality of
hosts.

16. (Original) The computer-readable storage medium of claim 9,
wherein modifying the attribute database includes creating the attribute database.

17. (Currently Amended) An apparatus that facilitates managing user
attributes in a distributed computing system, wherein user attributes determine
access rights to a computer application, the apparatus comprising:

a modifying mechanism configured to modify an attribute database in
order to create modifications, wherein the attribute database includes a data
structure identifying a plurality of possible user attributes and a plurality of users;

an identity certificate obtaining mechanism configured to obtain an
identity certificate from a certificate authority;

an associating mechanism configured to associate the identity certificate
with a user from the plurality of users within the attribute database, thus creating
more of the modifications;

an assigning mechanism configured to assign an attribute from the
plurality of possible user attributes to the user, whereby the user is granted access
rights based on the attribute and the identity certificate;

a storing mechanism configured to store the attribute assigned to the user
into the attribute database, thus creating more of the modifications; and

a distributing mechanism that is configured to distribute the modifications
to the attribute database to a plurality of hosts coupled together by a network;

wherein the user is granted access rights based on the attribute and the
identity certificate.

18. (Currently Amended) The apparatus of claim 17, further
comprising:

the assigning mechanism that is further configured to assign a second
attribute from the plurality of possible user attributes to the user, in addition to
said attribute; and

the storing mechanism that is further configured to store the second
attribute assigned to the user into the attribute database, thus creating more of the
modifications.



19. (Currently Amended) The apparatus of claim 17, further
comprising a secure communications mechanism configured to distribute the
modifications to the attribute database to the plurality of hosts, during the
distributing.



20. (Currently Amended) The apparatus of claim 17, further
comprising a signing mechanism that is configured to sign the attribute database
with a cryptographic signature prior to the distributing to allow detection of
unauthorized changes to the attribute database.

21. (Currently Amended) The apparatus of claim 11, wherein the
communications mechanism associated with a host of the plurality of hosts is
configured to distribute the modifications to the attribute database to a subordinate
host in a tree architecture.

22. (Currently Amended) The apparatus of claim 17, further
comprising an authorization mechanism that is configured to authorize the user to
assume any attribute stored into the attribute database that is assigned to the user
during the assigning.

23. (Currently Amended) The apparatus of claim 17, further
comprising:

a deleting mechanism that is configured to delete the attribute assigned to
the user from the attribute database, after the distributing, thus creating more of
the modifications; and

a redistributing mechanism that is configured to redistribute the
modifications to the attribute database to the plurality of hosts.

24. (Original) The apparatus of claim 17, wherein the modifying
mechanism is further configured to create the attribute database. 